Work in progress

It will be there soon

https://docs.microsoft.com/en-us/learn/modules/protect-against-security-threats-azure/5-manage-password-key-vault

In this lab we will practice Managing a password in Azure Key Vault

Azure lab 106 }}

As Tailwind Traders builds its workloads in the cloud, it needs to carefully handle sensitive information such as passwords, encryption keys, and certificates.

This information needs to be available for an application to function, but it might allow an unauthorized person access to application data.

Azure Key Vault is a centralized cloud service for storing an application’s secrets in a single, central location.

It provides secure access to sensitive information by providing access control and logging capabilities.

Azure Key Vault can help you:

Manage secrets You can use Key Vault to securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets.
Manage encryption keys You can use Key Vault as a key management solution. Key Vault makes it easier to create and control the encryption keys that are used to encrypt your data.
Manage SSL/TLS certificates Key Vault enables you to provision, manage, and deploy your public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for both your Azure resources and your internal resources.
Store secrets backed by hardware security modules (HSMs) These secrets and keys can be protected either by software or by FIPS 140-2 Level 2 validated HSMs.

Here’s an example that shows a certificate used for testing in Key Vault.

A screenshot of the Azure portal showing a test certificate in Azure Key Vault.

You’ll add a secret to Key Vault later in this module.

The benefits of using Key Vault include:

Centralized application secrets Centralizing the storage for your application secrets enables you to control their distribution, and reduces the chances that secrets are accidentally leaked.
Securely stored secrets and keys Azure uses industry-standard algorithms, key lengths, and HSMs. Access to Key Vault requires proper authentication and authorization.
Access monitoring and access control By using Key Vault, you can monitor and control access to your application secrets.
Simplified administration of application secrets Key Vault makes it easier to enroll and renew certificates from public certificate authorities (CAs). You can also scale up and replicate content within regions and use standard certificate management tools.
Integration with other Azure services You can integrate Key Vault with storage accounts, container registries, event hubs, and many more Azure services. These services can then securely reference the secrets stored in Key Vault.

You have two option to complete this lab

Use your own azure subscription, you can sign up for trial here
Use Microsoft Learn sandbox. Check more details here

Click here to activate SandBox

Sign into you Microsoft Account

}} It might ask you to verify you are not a robot but solving a puzzle.

}} Click on review permissions

}} Read permissions and click Accept

}} If you already did signin into you Microsoft Account you will get below message.

Click on activate sanbox.

}} After processing it will show below message.

}} You are all set go to next step.

Open a new tab in browser and open https://portal.azure.com

If you get below message click on X to close it

Else go to next step

}}

In this exercise, you add a password to Azure Key Vault. A password is an example of sensitive information that you need to protect.

You then read the password from Azure Key Vault to verify that the password is accessible.

In practice, there are several ways to add secrets to and read secrets from Key Vault.

You can use the Azure portal, the Azure CLI, or Azure PowerShell.

By using your favorite programming language, your applications can also securely access the secrets that they need.

Here, you create a secret in Key Vault by using the Azure portal.

You then access the secret from the portal and from the Azure CLI in Azure Cloud Shell.

The Azure CLI is a way to work with Azure resources from the command line or from scripts.

Cloud Shell is a browser-based shell experience to manage and develop Azure resources. Think of Cloud Shell as an interactive console that runs in the cloud.

Create a key vault

Go to the Azure portal.

On the Azure portal menu, or from the Home page, under Azure services, select Create a resource. The Create a resource pane appears.

In the search bar, enter Key Vault, and then select Key Vault from the results. The Key Vault pane appears.

Select Create. The Create a key vault pane appears.

On the Basics tab, enter the following values for each setting.

Project details

Subscription Concierge Subscription

Resource group [sandbox resource group name]

Instance details

Key vault name my-keyvault-NNN where NNN is a unique identifier

Accept the remaining settings at their default values.

Select Review + create, and after passing validation, select Create.

Wait for deployment to successfully complete.

Select Go to resource.

Take note of some of the details about your key vault.

For example, the Vault URI field shows the URI that your application can use to access your vault from the REST API.

Here’s an example for a key vault that’s named my-keyvault-321:

A screenshot of the Azure portal showing details about a key vault. It shows fields such as the parent resource group, location, and DNS name.

As an optional step, on the left menu pane, under Settings, examine some of the other features.

Although they’re initially empty, here you’ll find places where you can store keys, secrets, and certificates.

Add a password to the key vault

On the left menu pane, under Settings, select Secrets. Your key vault pane appears.

From the top menu bar, select Generate/Import. The Create a secret pane appears.

Fill in the following values for each setting.

Upload options Manual

Name MyPassword

Value hVFkk96

Accept the remaining settings at their default values. Notice that you can specify properties such as the activation date and the expiration date.

You can also disable access to the secret.

Select Create.

Show the password

Here, you access the password from Key Vault two times.

First, you access it from the Azure portal. Next, you access it from the Azure CLI.

From your Key Vault/Secrets pane, select MyPassword.

The MyPassword/Versions pane appears. You see that the current version is enabled.

Select the current version. The Secret Version pane appears.

Under Secret Identifier, you see a URI that you can now use with applications to access the secret.

Remember, only authorized applications can access this secret.

Select Show Secret Value. The unique value for this version of the password appears.

A screenshot of the Azure portal showing the secret value in the key vault.

From Cloud Shell, run this command.

Azure CLI
az keyvault secret show \
    --name MyPassword \
    --vault-name my-keyvault-NNN \
    --query value \
    --output tsv

You see the password in the output.

hVFkk96

Summary

Good work! At this point, you have a key vault that contains a password secret that’s securely stored for use with your applications.

Clean up

The sandbox automatically cleans up your resources when you’re finished with this module.

When you’re working in your own subscription, it’s a good idea at the end of a project to identify whether you still need the resources you created.

Resources that you leave running can cost you money.

You can delete resources individually or delete the resource group to delete the entire set of resources.